Application Security Foundations: Level 1

This introductory course will answer all of your burning questions and define all of the technical terms right at the start. Then we will set goals for your AppSec program at work as an exercise. After this we dive in deep into every type of application security activity and tool on the market, while sprinkling you with quizzes and exercises. As a final project we make an AppSec program action plan for you to bring back to work with you.
Product Description.pdf

Course Introduction

Course Introduction

3 mins

Prerequisites

Meet Your Trainer

4 mins

History Lesson

5 mins

Your Textbook: Alice and Bob Learn Application Security

Definitions and Burning Questions

What is AppSec, what is DevSecOps, and why do they matter?

What is 'Cyber'?

2 mins

Computer Sciences vs Application Security

3 mins

What is Application Security?

2 mins

What is a Tech Stack?

4 mins

Can you jump right into an Application Security position?

2 mins

Is application security just coding?

4 mins

What is DevOps?

5 mins

Biggest Application Security Challenges

3 mins

Skillsets needed for Application Security

4 mins

How can I get into AppSec?

5 mins

Definitions and Burning Questions: Quiz

Application Security Goals

What are program goals?

3 mins

Goal: Inventory

2 mins

Goal: Finding Vulnerabilities

3 mins

Goal: The Knowledge to Fix What You Have Found

3 mins

Goal: Giving Developers Security Tools

3 mins

Goal: Education and Reference Materials

3 mins

Goal: Secure SDLC

4 mins

Goal: Incident Response

3 mins

Goal: Continuous Improvement

4 mins

Application Security Goals: Quiz

Choosing Goals

Choosing your program goals.

5 mins

Setting Goals.pdf

554 KB

AppSec Activities - The Basics

Interactive Exercise!

2 mins

Interactive AppSec Activities Assigment

528 KB

Tactics versus Strategy

2 mins

VA Scans and Security Assessments

4 mins

Threat Modelling

4 mins

Secure Code Review and SAST

5 mins

Software Composition Analysis (SCA)

4 mins

Penetration Testing

5 mins

AppSec Activities - The Basics: Quiz

AppSec Activities - Intermediate

Developer Education and Advocacy Programs

2 mins

Coordinated Disclosure

6 mins

Policies, Guidelines and Standards

2 mins

Giving Developers Security Tools

3 mins

Secure Coding Library/ Templates

3 mins

Security Reference Materials

2 mins

‘The Partnership Model’

3 mins

Metrics and Measurement

2 mins

Security Regression Testing (with unit tests)

3 mins

Capture The Flag and Gamification

3 mins

Reviewing New Tech

2 mins

IDE Tools

2 mins

Adding a shield in front of your app (WAF/RASP)

3 mins

AppSec Activities - Intermediate: Quiz

AppSec Activities - DevOps Flavoured

Adding Security Tooling to a Pipeline

3 mins

Asynchronous Pipeline

3 mins

Chaos Engineering and Red Teaming

3 mins

Security Sprints

3 mins

Asking directly for feedback from Dev & Ops

2 mins

Turning PenTest results into Unit Tests

2 mins

AppSec Activities - DevOps Flavoured: Quiz

AppSec Activities - Advanced

Team-Specific Customized Security Training

3 mins

Creating Custom Tools

4 mins

Bug Bounties

5 mins

Red Teaming

4 mins

Targeting an Entire Bug Class

4 mins

Security Exercises and Simulations

5 mins

Did you complete the interactive assignment?

2 mins

Interactive AppSec Activities Assigment.pdf

528 KB

AppSec Activities - Advanced: Quiz

AppSec Tooling - The Basics

Interactive Tooling Assignment

2 mins

Interactive AppSec Tooling Assigment

382 KB

Introduction to AppSec Tooling

5 mins

Static Application Security Testing (SAST)

5 mins

Software Composition Analysis Tools

5 mins

Web Proxy

4 mins

Dynamic Application Security Testing (DAST)

6 mins

Fuzzing

4 mins

VM & Container VA scanners

5 mins

AppSec Tooling - The Basics: Quiz

AppSec Tooling - Intermediate

API Tools that Speak Directly to the API

6 mins

Web Application Firewall (WAF)

6 mins

Vulnerability Management

4 mins

IDE Tools and Hooks

4 mins

Tooling Made for Pipelines

5 mins

Unit Test Creativity

4 mins

AppSec Tooling - Intermediate: Quiz

AppSec Tooling - Modern Twist

Interactive Application Security Testing (IAST)

5 mins

SIEM + App integration

3 mins

Runtime Application Security Protection (RASP)

5 mins

Service Mesh

3 mins

API Gateway

4 mins

Application and Web Asset Inventory

4 mins

AppSec Tooling - Modern Twist: Quiz

AppSec Adjacent Tooling

Integrated Bug Tracker for Vulnerabilities

5 mins

Cloud Native

3 mins

Playbooks = Workflows + Serverless Apps

4 mins

VM/Container VA Scanners - Again

4 mins

Application Control Tooling

3 mins

File Integrity Monitoring

3 mins

AppSec Tooling Exercise - What to do.

2 mins

Interactive AppSec Tooling Assigment.pdf

382 KB

AppSec Adjacent Tooling: Quiz

Updating Your Goals

Final Project

3 mins

Final Project - Update Your Goals.pdf

762 KB

Conclusion

Conclusion

3 mins

Thank you for choosing We Hack Purple.

2 mins

Table of contents

Definitions and Burning Questions

Application Security Goals

AppSec Activities - The Basics

AppSec Activities - Intermediate

AppSec Activities - DevOps Flavoured

AppSec Activities - Advanced

AppSec Tooling - The Basics

AppSec Tooling - Intermediate

AppSec Tooling - Modern Twist

AppSec Adjacent Tooling